<?php
	namespace Tools;
	use \Think\Controller;
//后台控制器的父类控制器
	class AdminController extends Controller{
		//构造方法
		function __construct(){
			//先执行父类构造方法，避免功能缺失
			parent::__construct();
			//在此处做用户访问权限控制过滤功能
			//获得目前访问的控制器和操作方法，并连接为字符串
			$nowac=CONTROLLER_NAME.'-'.ACTION_NAME;//当前操作
			if(ACTION_NAME=="loginout")session(null);
			//并使得当前操作与权限列表做对比
			$admin_id=session('admin_id');
//			var_dump($admin_id);
			$admin_name=session('admin_name');
			$any_allow_ac="Manager-login,Manager-code";
			if(empty($admin_id)&&strpos($any_allow_ac,$nowac)===false){
				//$this->redirect('Manager/login');
				$group_url=__MODULE__;
				$js=<<<eof
				<script type='text/javascript'>
				//top：作用使得整个frameset都跳转
				window.top.location.href="$group_url/Manager/login";
				</script>
eof;
			echo $js;
			}
//			var_dump($_SESSION);
			if(!empty($admin_id)&&$admin_name!=='admin'){//如果没登录则不执行此块
			
			$admin_info=D('Manager')->find($admin_id);//管理员信息
//			var_dump($admin_info);
			$role_id=$admin_info['roleid'];//管理员角色信息
			$role_info=D('Role')->find($role_id);//角色信息
			//$auth_ac=$role_info['role_auth_ac'];//权限列表信息
			//$auth_ac=D('Auth')->find($roleid);//权限列表信息
//			var_dump($role_info);
			$auth_ac=D('Auth')->where("id in ({$role_info['authids']})")->field('id,pid,controller,action')->select();
			//var_dump($auth_ac);
//			echo $role_info['authids'];
			$allow_ac_string;//把当前角色所拥有的权限组织为字符串
			foreach($auth_ac as $k=>$v){
				if($v['pid']!='0'){//非顶级权限,直接拼接权限字符串
					$allow_ac_string.=($v['controller']."-".$v['action'].',');
//					echo $v['id'].",";
//					var_dump($v);
					switch ($v['id']){//拥有次级模块的权限，则拥有该模块下的所有小权限
						case 110://所有商品，添加修改删除
							$allow_ac_string.="IntegralGoods-addintegralgoods,IntegralGoods-editintegralgoods,IntegralGoods-deleteintegralgoods,";
							break;
						case 111://评论审核
							$allow_ac_string.="IntegralGoods-changecommentsstatus,";
							break;
						case 122://所有分类，添加修改删除
							$allow_ac_string.="IntegralGoods-addcats,IntegralGoods-editcats,IntegralGoods-deletecats,";
							break;
						case 113://所有订单，发货退款
							$allow_ac_string.="Order-listquery,Order-listtable,Order-sendgoods,Order-getrefundreason,Order-torefund,";
							break;
						case 114://发货
							$allow_ac_string.="Order-listquery,Order-listtable,Order-sendgoods,";
							break;
						case 115://退款
							$allow_ac_string.="Order-listquery,Order-listtable,Order-getrefundreason,Order-torefund,";
							break;
						case 116://用户所有功能
							$allow_ac_string.="User-listquery,User-listtable,User-edituser,User-deleteuser,User-changestatus,";
							break;
						case 119://权限所有功能
							$allow_ac_string.="Auth-updateauth,Auth-addauth,Auth-deleteauth,";
							break;
						case 120://管理员模块所有功能
							$allow_ac_string.="Manager-addmanager,Manager-deletemanager,";
							break;
						case 121://角色模块所有
							$allow_ac_string.="Role-updaterole,Role-assignauth,Role-addrole,Role-deleterole,";
							break;
						case 0://轮播图所有
							$allow_ac_string.="Shop-addindexslides,Shop-editindexslides,Shop-deleteindexslides,";
							break;
						
					}
				}	
			}
		}
//			echo $allow_ac_string;
			//①当前操作是否是权限列表的信息判断
			//②当前操作没有出现在默认允许的权限列表里边
			$allow_ac="Manager-login,Manager-loginout,Manager-code,Index-left,Index-head,Index-right,Index-index,Index-top,Index-main";
			if(strpos($allow_ac_string,$nowac)===false&&strpos($allow_ac,$nowac)===false&&$admin_name!=='admin'){
				exit('No Access!ERROR 403');
			}
		}
	}
?>